How to verify the file was successfully encrypted...
Jonathan Rockway
jon at jrock.us
Wed Jul 12 20:11:20 CEST 2006
> There is no way to design such a self-check. This isn't a lack in
> GnuPG, but a design impossibility for any program. Think about it: a
> "check mode" would try and account for a bug in GnuPG and warn you
> that the file was not encrypted properly. However, if you're
> presuming a bug, then who says you should trust the check mode?
>
> If GnuPG completes successfully, that means it succeeded. If you want
> more assurance than that, the only way to do it is to decrypt the file
> and compare.
>
If you wanted to be really sure that GPG didn't mess something else, try
decrypting it with some other OpenPGP implementation. If you're using
perl, use Crypt::OpenPGP. (And Text::Diff to do your diff, and
File::Slurp to read in the files for Text::Diff :)
BTW, why are you encrypting these files anyway? If someone broke into
your computer they could just steal the crypto key too.
Regards,
Jonathan Rockway
More information about the Gnupg-users
mailing list